From c850ac1d69967698d7ba0e3cb1fce30f78fbde6e Mon Sep 17 00:00:00 2001
From: v-rusraut
Date: Fri, 27 Dec 2024 12:24:12 +0530
Subject: [PATCH 1/2] Repackage - Ivanti Unified Endpoint Management
---
..._Unified_Endpoint_Management_Solution.json | 7 +-
.../Package/3.0.1.zip | Bin 0 -> 4522 bytes
.../Package/createUiDefinition.json | 36 +-
.../Package/mainTemplate.json | 409 +----------------
.../ReleaseNotes.md | 3 +-
5 files changed, 13 insertions(+), 442 deletions(-)
create mode 100644 Solutions/Ivanti Unified Endpoint Management/Package/3.0.1.zip
diff --git a/Solutions/Ivanti Unified Endpoint Management/Data/Solution_Ivanti_Unified_Endpoint_Management_Solution.json b/Solutions/Ivanti Unified Endpoint Management/Data/Solution_Ivanti_Unified_Endpoint_Management_Solution.json
index 74f9b92eb3b..497a7edd6af 100644
--- a/Solutions/Ivanti Unified Endpoint Management/Data/Solution_Ivanti_Unified_Endpoint_Management_Solution.json
+++ b/Solutions/Ivanti Unified Endpoint Management/Data/Solution_Ivanti_Unified_Endpoint_Management_Solution.json
@@ -2,18 +2,15 @@ "Name": "Ivanti Unified Endpoint Management", "Author": "Microsoft - support@microsoft.com", "Logo": "", - "Description": "The [Ivanti Unified Endpoint Management](https://www.ivanti.com/products/endpoint-manager) data connector provides the capability to ingest [Ivanti UEM Alerts](https://help.ivanti.com/ld/help/en_US/LDMS/11.0/Windows/alert-c-monitoring-overview.htm) into Microsoft Sentinel. \n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", + "Description": "The [Ivanti Unified Endpoint Management](https://www.ivanti.com/products/endpoint-manager) data connector provides the capability to ingest [Ivanti UEM Alerts](https://help.ivanti.com/ld/help/en_US/LDMS/11.0/Windows/alert-c-monitoring-overview.htm) into Microsoft Sentinel. \n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. 
\n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector.Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).", "Parsers": [ "Parsers/IvantiUEMEvent.yaml" ], - "Data Connectors": [ - "Data Connectors/Ivanti_UEM_Syslog.json" - ], "dependentDomainSolutionIds": [ "azuresentinel.azure-sentinel-solution-syslog" ], "BasePath": "C:\\GitHub\\Azure-Sentinel\\Solutions\\Ivanti Unified Endpoint Management", - "Version": "3.0.0", + "Version": "3.0.1", "Metadata": "SolutionMetadata.json", "TemplateSpec": true, "Is1Pconnector": false 
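Review bot: The rewritten `Description` string has wording defects on the added line: `Connector.Legacy connector` lost its space, `agent which were deprecated` has a number mismatch, and the full stop sits inside the bold markers in `**Aug 31, 2024.**`. Suggested text: `Microsoft recommends installation of Syslog via AMA Connector. The legacy connector uses the Log Analytics agent, which was deprecated on **Aug 31, 2024**.` The same sentence is repeated in the `description` of createUiDefinition.json, in `descriptionHtml` of mainTemplate.json, and in the ISC Bind `Description` in patch 2/2, where only the verb and the bold span need fixing. The string also still opens with "data connector provides the capability to ingest" although this hunk removes the `Data Connectors` entry, so an operator may look for a connector that no longer ships. Naming the Syslog via AMA connector as the ingestion path would be more accurate.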
diff --git a/Solutions/Ivanti Unified Endpoint Management/Package/3.0.1.zip b/Solutions/Ivanti Unified Endpoint Management/Package/3.0.1.zip new file mode 100644 index 0000000000000000000000000000000000000000..fc6f7345c076fe80d3e8d5f92f0061aee50281e7 GIT binary patch literal 4522 zcmZ{oWl$83*2bxo?hc71mj>zX?ov9JUJzJNYAHct=?-N9k#3ffSW-f1L21MVLAnu; z>;HXc?%WUep7Y_EIWy;cJiliiBVBA9Dhvz^JPdq?LQ7rig6;zV2F4l*1_tflsk1-W z5ehcBx1AKkTEg-(j5@dfA93D0ikVco$j7-Q^vf9URuAc-$Ug^1) zs!UX^YPvQ&#_XUP9~y@~up*?-MRQL+DA5Ny8U;+fT9Ln6Nx!m(VQz%gm1emPNn>(< z=`!MWeAa+NKc=nnq~KR%7(XX5FkL*9w+L6W|D-kzI^j;;o0jDsa=(}5^K4R#GPsey z)77_SLz45ffoa{ToFi2_`;pfe5R~=xr-NfSshrq|H7~V{=m>kG>j%~h7qc>QtCd1d z8@O7pqjq1Uu3nEbO9I@_Pqm{I*51OEsP5?wPZBXtcZu~$i*T~U($Sc*cr2S?raS<( zs@GNL1bPmpZH~B_JQUl02Tp)U)A@-+=~e)JyH zv)j|Phr+wcdSaMaCI;*R90+ty2?ZnyXp$zrrFWzkMn`1cmAd7PPv{MjXXPyKru%;S zRgi7}_SeMm9W~y9E<|sl_2OrHI~?WIN!J*OAm?RNtbNQ-g{mx-p9!s{ z+tJ|E?{5@T!z95Yax|swCT)~p3)1+8gHibF;>$N^i0G)Xi3>>$ea#I1){$|y(9+A8 zfPyr4NiB>WRa+Hr*s~w6j>JfqP#Nsf=HsPQyk&kaL?_ShhU1!dp~hUt2kE3A&$f=R z_HVqv9accPNkhU!SAq(bAk8c%kP*8UpR(K_#SpmP(hS$zV4Bn_Lqj?c6CN$(uCn~!TL`6fBiU4hS-tL2w-m0p)4?f`HB4^ibXPy>(5r(1SPOHQJ&(vdtD znB)f+&9NTFa@W|GJy6r_xz`^&$dX0_?)uZ7qC=$6xMwVqGf_NXwe@*@_oLjx5&)5J z!=jWe|D31roXiilJyTr#h-|(mr{>S_gDVIqjHzh^LRR0>a#j?dO87U?d_OcD;nAeA zoFHCf9H(bkyJR6%9q*_FAT?>%`iI~R9~rm1+(afZ1Csv?II(XoB&2q|e&y-FAYtMH zi72yL=Gv{KQ@;|{8UH3ayinBk^p>)u9S{yux7;5#{InW;8Rh8pV;hYCOGD@Xc*9y# zZa=DWCvWlrKW>W!JE!a_Mu+bJYv)5%=biqRor6%NPOG9a&2RgTXnB?;WX$igX%x7?b-~cFo~7M* z<_F9?px58PVsZ%A+12ny*i!n>cvCvlT6iAf*RrOJ_>ybJ$n6uS(PxSoaT>|fKFhmN zsptWc)Z5oS#J+8%OlK>6z7lzTlb_?X%U2(?Bzy5z9+W#%#WorthR-IguB$a+W{eZQ zg@f_dZdsPMn<;v~1%)MWr z%&4RUg<8^XC`^R6-f~=}QE~2lZeAr}jB{0WO!#p&vVNv+>i0&q&7{R1*Ij3}+ zu@6xlMmeWPHnC_AfRZ?hcin*x6Cv5d z@3+(4nOGjcM13Ch4gW82Koy3omJ3#ibq->VIt54Fmpw!`A@!{$?2|jkba1_!;cUpX z)38)OD}xpUpGKIJuulDwz%KDNPpjUBL(GaU>Yb~Y4Eu}k;oGtu zqIhf&S8nu_FWOu@Ha;}Y-{bn(Zwy`0@rNp^{Cun|_C4Cc-bCF=d-_&f_wXfL{yT%n 
zdf7!rh_0ISskX{f)TxAHNdYV<`V=6~eiifQ#G$R;z+d*(g1ED#QxLNd)p*p+MhKvd z6U!r)#1jo2Oee(SprEEOFi~XZ?x z;Z)KYkYUjuS*W0E%Ep?1p3&WPgYO_FfVpW!stvA?aDo(}$^0Lwy6qD^hGeu)O%*pN zStS`OAI}%(s7zI@zc`g==}FWsMI^<{#m^0!9Q#eirb<6zDJCyc65N<1L*mCs=#&CP zK+ZIjzPJK}mTp73l)Q%l%5NMOJtYln-10Qe*FiHr^9@>iy%qyeI}-6lC2j>3%}ekK z88leKhhw#7D2nNcWmni6VZ{rzID{U1)RES@${dooVsk5Dp7^pDH|2L!YvPkSCylbe zPAgB*3a&;!K~ILy-t5G=fF6F)AAVHlo%1q_>~{-zaLTsQH1BJvC%IAN?Uz^|=l#!P z#`@W98&Q{;)SO;ko>>6OWpiDFT_O#Em&g;x@`g1q``ro<^p%k9SK8=KL+OCb-aY3H zeQPFfH;5^ar5JK$viqK~dkjS$`hv_Lc%n_$=$ZE6xPSbsD2M1J5SwXdR_?e#^jl@1 z>XPYnK_b|AtnNIg)MUegip^ZjHFW&bw6Fd4Hhd55BU!1Z)>%ExyNDn~_nXw$!Np$| z-rO3&Rw(X*n5(s_+~>m%P;U%Sp2Vgvf-X(EJXkv#7ST9M!Ucw`v@hAJBFydi)AgiL zn`=}Y^qxs6gOOc+BBSaw{GCFU?|8bJU1nNOC6di%f+>tX{Sut-c+?!_D*j;y)B01H zeM^X;Vlm}pKkYQdnHLjIXNGS?A7-G6i<+Dm*WjbLPmVad7pa9Q4QZ z^o%y$BUk9nV6y?H_`RvJWIPz;b*J6dyg9QCNkJUIPVAM;{o=;-sSs&s5YQ7*w_Sg# zQR^|FdXF~0Fb7Yn#+u6W9x-tx74RJ4v?tCPk%@m%yUCD~hh~4VrbefvxHrRyglWSM z%2xAnJw3jy5RFp@3%clHW~ch5FGmiVLqZ$&YGqmgX{N&wM^}(W{sg(XRA~8)=k2WC zVTuMUeOKl#kPs$-Hq_8rZuqu9BljUdx8=poQr}<9@g9v|W z*2Ypt=3`B~VvST$^o~rWj@z`-VxN_*>OD!Xt}wSEVLHO7x)ZzHnjw$wRr%o3p8sM zM){HrX%8gCV`RmmZeKSj`Y(Qkt@Kh4uTFM82(NBb@NO)9=nK#6(J$>>{^dS<>4Wv+ zXiuk3DS&qIOAllnnVpA(dVGMo$p(ULSHDi$K4U(CB?&*hF+hTrkP(koWS5X3eQ5Fv zQj0>R9#v-x(0$NZlwHvpPL`_eWv$+OJ5my3?xB6TYn4|7o|-2oorNLO8lREsD==Xwkc3e z+7KU?W)FW?a|~0PNkzJHpHp8)TC_`PuhLqsmN6tN2_Gn-)n?bA`FkO$8C>h-qrjDK zX>+eFj(O76U->ErK!7!*nZ}0bomwfVA-;GH_vQI<8wwJM=Wb~D5^I&g+Ez{wc0ur} z3nt50EH7J}TrpjivK}?pB+lY&Io9=-u{j>g5b;a&*dn29#^hDb{?t@DZzwWcIb`9v z{CHb_HwbK0DL6dliM`DhJnZf9yVxlO8rT9JK2CIk`oo;^0d%1o%*TlBeh!5U9#KAm zL@xs3FZ#U|4#A(ms~Er)PdzHEJN3VVo<|+sor=9biDvF<` zPL5)QUgfBOrY<|e0K{pSBeS^#i?f=jXcTFIxqZR(Xi$dWH2Y6l)^`z4cuU8v1&M=6 zibPtOO|XL14clzkE^`{6M)EXD=SVV?7r_XIU4k+V>y1{m6#M(G z?NXtSFn@5+mt4AJpvjdawnFx0QmMm`c~>ay@Ftu`>k26maUVI;(fWVFx@`}7H{ILk zgT32-1YF$j)b&n)3kAh}`vr(da}}ZIOA5I8u zJUn0<>0)A0Vf^nzi_@% literal 0 HcmV?d00001 
diff --git a/Solutions/Ivanti Unified Endpoint Management/Package/createUiDefinition.json b/Solutions/Ivanti Unified Endpoint Management/Package/createUiDefinition.json
index 795ce5851c0..01f2a2d4db9 100644
--- a/Solutions/Ivanti Unified Endpoint Management/Package/createUiDefinition.json
+++ b/Solutions/Ivanti Unified Endpoint Management/Package/createUiDefinition.json
@@ -6,7 +6,7 @@ "config": { "isWizard": false, "basics": { - "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Ivanti%20Unified%20Endpoint%20Management/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Ivanti Unified Endpoint Management](https://www.ivanti.com/products/endpoint-manager) data connector provides the capability to ingest [Ivanti UEM Alerts](https://help.ivanti.com/ld/help/en_US/LDMS/11.0/Windows/alert-c-monitoring-overview.htm) into Microsoft Sentinel. \n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. 
Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Ivanti%20Unified%20Endpoint%20Management/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [Ivanti Unified Endpoint Management](https://www.ivanti.com/products/endpoint-manager) data connector provides the capability to ingest [Ivanti UEM Alerts](https://help.ivanti.com/ld/help/en_US/LDMS/11.0/Windows/alert-c-monitoring-overview.htm) into Microsoft Sentinel. \n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector.Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
@@ -50,39 +50,7 @@ "visible": true } ], - "steps": [ - { - "name": "dataconnectors", - "label": "Data Connectors", - "bladeTitle": "Data Connectors", - "elements": [ - { - "name": "dataconnectors1-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "This Solution installs the data connector for Ivanti Unified Endpoint Management. You can get Ivanti Unified Endpoint Management Syslog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view." - } - }, - { - "name": "dataconnectors-parser-text", - "type": "Microsoft.Common.TextBlock", - "options": { - "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel." - } - }, - { - "name": "dataconnectors-link2", - "type": "Microsoft.Common.TextBlock", - "options": { - "link": { - "label": "Learn more about connecting data sources", - "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources" - } - } - } - ] - } - ], + "steps": [{}], "outputs": { "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]", "location": "[location()]", diff --git a/Solutions/Ivanti Unified Endpoint Management/Package/mainTemplate.json b/Solutions/Ivanti Unified Endpoint Management/Package/mainTemplate.json index 36f046318ec..360124ce51d 100644 --- a/Solutions/Ivanti Unified Endpoint Management/Package/mainTemplate.json +++ b/Solutions/Ivanti Unified Endpoint Management/Package/mainTemplate.json 
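Review bot: `"steps": [{}]` leaves a single empty object in the steps array instead of removing the step. A createUiDefinition step is normally expected to carry `name`, `label` and `elements`, so an empty object may fail validation or render a blank blade. This looks like packaging-tool output, so confirm it is intentional. If no step is needed, `"steps": [],` states that directly.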
@@ -33,7 +33,7 @@ "email": "support@microsoft.com", "_email": "[variables('email')]", "_solutionName": "Ivanti Unified Endpoint Management", - "_solutionVersion": "3.0.0", + "_solutionVersion": "3.0.1", "solutionId": "azuresentinel.azure-sentinel-solution-ivantiuem", "_solutionId": "[variables('solutionId')]", "parserObject1": { @@ -43,15 +43,6 @@ "parserVersion1": "1.0.0", "parserContentId1": "IvantiUEMEvent-Parser" }, - "uiConfigId1": "IvantiUEM", - "_uiConfigId1": "[variables('uiConfigId1')]", - "dataConnectorContentId1": "IvantiUEM", - "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]", - "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "_dataConnectorId1": "[variables('dataConnectorId1')]", - "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]", - "dataConnectorVersion1": "1.0.0", - "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]", "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ 
@@ -64,7 +55,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "IvantiUEMEvent Data Parser with template version 3.0.0", + "description": "IvantiUEMEvent Data Parser with template version 3.0.1", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject1').parserVersion1]", @@ -78,7 +69,7 @@ "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "IvantiUEMEvent", + "displayName": "Parser for IvantiUEMEvent", "category": "Microsoft Sentinel Parser", "functionAlias": "IvantiUEMEvent", "query": "Syslog\n| where SyslogMessage has_all ('Alert', 'Message')\n| extend EventVendor = 'Ivanti'\n| extend EventProduct = 'Ivanti Unified Endpoint Management'\n| extend EventCount = 1\n| extend EventSchemaVersion = 0.2\n| extend ed = split(SyslogMessage, ' ')\n| extend SrcHostname = extract(@'\\A([A-Za-z0-9_-]+)\\.\\w+', 1, tostring(ed[0]))\n| extend SrcDomain = extract(@'\\A[A-Za-z0-9_-]+\\.(.*)', 1, tostring(ed[0]))\n| extend EventType = trim(' ', extract(@'Alert:\\s(.*?)Message:', 1, SyslogMessage))\n| extend EventMessage = extract(@'Message:\\s(.*)', 1, SyslogMessage)\n| project-away SyslogMessage\n , ed\n", 
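Review bot: The parser `query` kept in this hunk selects rows with `where SyslogMessage has_all ('Alert', 'Message')`, which matches any Syslog record containing those two terms, not only Ivanti UEM alerts, and then stamps them with `EventVendor = 'Ivanti'`. After this commit the solution lists the parser as its only content item (the data connector and its setup instructions are removed), so that over-match feeds directly into hunting and analytics built on `IvantiUEMEvent`. Consider requiring the layout the `extract` calls depend on, for example by adding `| where SyslogMessage matches regex @'Alert:\s.*Message:\s'` (JSON-escaped in the template), or scoping by a source column such as `HostName` or `ProcessName`. The same query string appears in the `@@ -143,7 +134,7 @@` hunk, and the real source is presumably `Parsers/IvantiUEMEvent.yaml`, which is outside this diff.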
@@ -130,7 +121,7 @@ "contentSchemaVersion": "3.0.0", "contentId": "[variables('parserObject1').parserContentId1]", "contentKind": "Parser", - "displayName": "IvantiUEMEvent", + "displayName": "Parser for IvantiUEMEvent", "contentProductId": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]", "id": "[concat(take(variables('_solutionId'),50),'-','pr','-', uniqueString(concat(variables('_solutionId'),'-','Parser','-',variables('parserObject1').parserContentId1,'-', '1.0.0')))]", "version": "[variables('parserObject1').parserVersion1]" @@ -143,7 +134,7 @@ "location": "[parameters('workspace-location')]", "properties": { "eTag": "*", - "displayName": "IvantiUEMEvent", + "displayName": "Parser for IvantiUEMEvent", "category": "Microsoft Sentinel Parser", "functionAlias": "IvantiUEMEvent", "query": "Syslog\n| where SyslogMessage has_all ('Alert', 'Message')\n| extend EventVendor = 'Ivanti'\n| extend EventProduct = 'Ivanti Unified Endpoint Management'\n| extend EventCount = 1\n| extend EventSchemaVersion = 0.2\n| extend ed = split(SyslogMessage, ' ')\n| extend SrcHostname = extract(@'\\A([A-Za-z0-9_-]+)\\.\\w+', 1, tostring(ed[0]))\n| extend SrcDomain = extract(@'\\A[A-Za-z0-9_-]+\\.(.*)', 1, tostring(ed[0]))\n| extend EventType = trim(' ', extract(@'Alert:\\s(.*?)Message:', 1, SyslogMessage))\n| extend EventMessage = extract(@'Message:\\s(.*)', 1, SyslogMessage)\n| project-away SyslogMessage\n , ed\n", 
@@ -187,398 +178,17 @@ } } }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "Ivanti Unified Endpoint Management data connector with template version 3.0.0", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] Ivanti Unified Endpoint Management", - "publisher": "Ivanti", - "descriptionMarkdown": "The [Ivanti Unified Endpoint Management](https://www.ivanti.com/products/unified-endpoint-manager) data connector provides the capability to ingest [Ivanti UEM Alerts](https://help.ivanti.com/ld/help/en_US/LDMS/11.0/Windows/alert-c-monitoring-overview.htm) into Microsoft Sentinel.", - "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**IvantiUEMEvent**](https://aka.ms/sentinel-ivantiuem-parser) which is deployed with the Microsoft Sentinel Solution.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "IvantiUEM", - "baseQuery": "IvantiUEMEvent" - } - ], - "sampleQueries": [ - { 
- "description": "Top 10 Sources", - "query": "IvantiUEMEvent\n | summarize count() by tostring(SrcHostname)\n | top 10 by count_" - } - ], - "dataTypes": [ - { - "name": "Syslog (IvantiUEMEvent)", - "lastDataReceivedQuery": "IvantiUEMEvent\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "IvantiUEMEvent\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "delete": true - } - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**IvantiUEMEvent**](https://aka.ms/sentinel-ivantiuem-parser) which is deployed with the Microsoft Sentinel Solution." 
- }, - { - "description": ">**NOTE:** This data connector has been developed using Ivanti Unified Endpoint Management Release 2021.1 Version 11.0.3.374" - }, - { - "description": "Install the agent on the Server where the Ivanti Unified Endpoint Management Alerts are forwarded.\n\n> Logs from Ivanti Unified Endpoint Management Server deployed on Linux or Windows servers are collected by **Linux** or **Windows** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the Linux agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "1. 
Install and onboard the agent for Linux or Windows" - }, - { - "instructions": [ - { - "parameters": { - "title": "Choose where to install the Windows agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Windows Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Windows Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "[Follow the instructions](https://help.ivanti.com/ld/help/en_US/LDMS/11.0/Windows/alert-t-define-action.htm) to set up Alert Actions to send logs to syslog server.", - "title": "2. Configure Ivanti Unified Endpoint Management alert forwarding." 
- } - ] - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Ivanti Unified Endpoint Management", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] Ivanti Unified Endpoint Management", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": "[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - 
"parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "Ivanti Unified Endpoint Management", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "tier": "Microsoft", - "link": "https://support.microsoft.com" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] Ivanti Unified Endpoint Management", - "publisher": "Ivanti", - "descriptionMarkdown": "The [Ivanti Unified Endpoint Management](https://www.ivanti.com/products/unified-endpoint-manager) data connector provides the capability to ingest [Ivanti UEM Alerts](https://help.ivanti.com/ld/help/en_US/LDMS/11.0/Windows/alert-c-monitoring-overview.htm) into Microsoft Sentinel.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "IvantiUEM", - "baseQuery": "IvantiUEMEvent" - } - ], - "dataTypes": [ - { - "name": "Syslog (IvantiUEMEvent)", - "lastDataReceivedQuery": "IvantiUEMEvent\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "IvantiUEMEvent\n | summarize LastLogReceived = max(TimeGenerated)\n | project IsConnected = LastLogReceived > ago(30d)" - ] - } - ], - 
"sampleQueries": [ - { - "description": "Top 10 Sources", - "query": "IvantiUEMEvent\n | summarize count() by tostring(SrcHostname)\n | top 10 by count_" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "read and write permissions are required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "delete": true - } - } - ] - }, - "instructionSteps": [ - { - "description": ">**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected [**IvantiUEMEvent**](https://aka.ms/sentinel-ivantiuem-parser) which is deployed with the Microsoft Sentinel Solution." - }, - { - "description": ">**NOTE:** This data connector has been developed using Ivanti Unified Endpoint Management Release 2021.1 Version 11.0.3.374" - }, - { - "description": "Install the agent on the Server where the Ivanti Unified Endpoint Management Alerts are forwarded.\n\n> Logs from Ivanti Unified Endpoint Management Server deployed on Linux or Windows servers are collected by **Linux** or **Windows** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the Linux agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "1. 
Install and onboard the agent for Linux or Windows" - }, - { - "instructions": [ - { - "parameters": { - "title": "Choose where to install the Windows agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Windows Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Windows Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ] - }, - { - "description": "[Follow the instructions](https://help.ivanti.com/ld/help/en_US/LDMS/11.0/Windows/alert-t-define-action.htm) to set up Alert Actions to send logs to syslog server.", - "title": "2. Configure Ivanti Unified Endpoint Management alert forwarding." - } - ], - "id": "[variables('_uiConfigId1')]", - "additionalRequirementBanner": "This data connector depends on a parser based on a Kusto Function to work as expected [**IvantiUEMEvent**](https://aka.ms/sentinel-ivantiuem-parser) which is deployed with the Microsoft Sentinel Solution." - } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentPackages", "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.0", + "version": "3.0.1", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "Ivanti Unified Endpoint Management", "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Ivanti Unified Endpoint Management data connector provides the capability to ingest Ivanti UEM Alerts into Microsoft Sentinel.

\n

This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 1, Parsers: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The Ivanti Unified Endpoint Management data connector provides the capability to ingest Ivanti UEM Alerts into Microsoft Sentinel.

\n

This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Syslog via AMA Connector.Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Parsers: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -607,11 +217,6 @@ "contentId": "[variables('parserObject1').parserContentId1]", "version": "[variables('parserObject1').parserVersion1]" }, - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, { "kind": "Solution", "contentId": "azuresentinel.azure-sentinel-solution-syslog" diff --git a/Solutions/Ivanti Unified Endpoint Management/ReleaseNotes.md b/Solutions/Ivanti Unified Endpoint Management/ReleaseNotes.md index 43fa1986daa..e8ee10d739d 100644 --- a/Solutions/Ivanti Unified Endpoint Management/ReleaseNotes.md +++ b/Solutions/Ivanti Unified Endpoint Management/ReleaseNotes.md @@ -1,4 +1,5 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|---------------------------------------------| -| 3.0.0 | 24-07-2024 | Deprecated Data Connectors | +| 3.0.1 | 27-12-2024 | Removed Deprecated **Data Connectors** | +| 3.0.0 | 24-07-2024 | Deprecated Data Connectors | From 3c89814c54887220120cad2ca7284537bd3afdcc Mon Sep 17 00:00:00 2001 From: v-rusraut Date: Fri, 27 Dec 2024 13:37:42 +0530 Subject: [PATCH 2/2] Repackage - ISC Bind --- .../ISC Bind/Data/Solution_ISC Bind.json | 7 +- Solutions/ISC Bind/Package/3.0.2.zip | Bin 0 -> 4837 bytes .../ISC Bind/Package/createUiDefinition.json | 36 +- Solutions/ISC Bind/Package/mainTemplate.json | 386 +----------------- Solutions/ISC Bind/ReleaseNotes.md | 5 +- 5 files changed, 11 insertions(+), 423 deletions(-) create mode 100644 Solutions/ISC Bind/Package/3.0.2.zip diff --git a/Solutions/ISC Bind/Data/Solution_ISC Bind.json b/Solutions/ISC Bind/Data/Solution_ISC Bind.json index aa6fb3a9ca5..40996ff49db 100644 --- a/Solutions/ISC Bind/Data/Solution_ISC Bind.json +++ b/Solutions/ISC Bind/Data/Solution_ISC Bind.json 
@@ -2,10 +2,7 @@
 "Name": "ISC Bind",
 "Author": "Microsoft - support@microsoft.com",
 "Logo": "",
- "Description": "The [ISC Bind](https://www.isc.org/bind/) solution for Microsoft Sentinel allows you to ingest ISC Bind logs to get better insights into your organization's network traffic data, DNS query data, traffic statistics and improves your security operation capabilities.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
- "Data Connectors": [
- "Solutions/ISC Bind/Data Connectors/Connector_Syslog_ISCBind.json"
- ],
+ "Description": "The [ISC Bind](https://www.isc.org/bind/) solution for Microsoft Sentinel allows you to ingest ISC Bind logs to get better insights into your organization's network traffic data, DNS query data, traffic statistics and improves your security operation capabilities.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).",
 "Parsers": [
 "Solutions/ISC Bind/Parsers/ISCBind.yaml"
 ],
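Review bot: With the `Data Connectors` entry dropped, the new `Description` no longer leads an operator to any instructions for getting ISC Bind logs into the workspace; the forwarding steps visible in this patch (the `kb.isc.org/docs/aa-01526` link) and the `IsConnectedQuery` health check both lived in the connector that mainTemplate.json now deletes. The description is the natural place to keep that pointer, for example by appending `Configure ISC Bind to forward its logs over Syslog as described in [DNS Logs](https://kb.isc.org/docs/aa-01526).` Without it the `ISCBind` parser presumably just returns no rows when forwarding is missing, so a data-health rule on the Syslog source is worth pairing with this release. Separately, the rewritten sentence reads `agent which were deprecated on **Aug 31, 2024.**`; `agent, which was deprecated on **Aug 31, 2024**.` fixes the agreement and keeps the period outside the bold, and the same text recurs in createUiDefinition.json and in `descriptionHtml` in mainTemplate.json.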
@@ -13,7 +10,7 @@
 "azuresentinel.azure-sentinel-solution-syslog"
 ],
 "BasePath": "C:\\GitHub\\Azure-Sentinel",
- "Version": "3.0.1",
+ "Version": "3.0.2",
 "Metadata": "SolutionMetadata.json",
 "TemplateSpec": true,
 "Is1PConnector": false
diff --git a/Solutions/ISC Bind/Package/3.0.2.zip b/Solutions/ISC Bind/Package/3.0.2.zip new file mode 100644 index 0000000000000000000000000000000000000000..ac4c9296ee9999403dfdc1d07ba3c590da2e2504 GIT binary patch literal 4837 zcmZ{oWl$T8lg5JvrU z_ipCqKKyU@!_Mx`K3{+Hthy2!Iw=4Ezyg?A=6pObXT{yY003GD004@=QwujMGj}T; zJ83IxJ7+t0I~Qked#H5zzK=boN7r0Mt67tVrxfLFl4fO7$Cqj zC}QSLtw`23dW&0Uvr>Gf;7Pzdu6atjfr%a@Lz_S0)eUWXxWEnEav-r0wdvzU&uS_a zjxV}rn*7+OnSa?Ieri$bLs`|?#y>0RO-ZYwH06R}D)%Ove*)eq^pisai$j|zUvDnD z#pkv|V@R)WaAjOSN&ef|Vq0VrpS{&U*8IlocPzM@lR6RhO|0M&^E~GPd6@c6d_0mz zcSx~h4Na7IKks(bJvf4c1^=JMw@TL1j_v*4nXV)b8mq$>YK&@qhqq%zGIB7FOq?8@ ziE-CBaxMnxU%FCJcAC&zsoq~ z`0(Ve!5RJQwzT2VTQqzrnSVg?l57b=wj4X4sPJ{MNZxErPZ0_Xt5;SODfBD0ltH0E zJGy_E>DlUMSm_A8!>IL0VS~QE`n6auMqBVB_kk5eWyRwA$>(BfwhvS!UnEbtI{GF%+gi1u6{Ci*0yd6 z!2gi%HuUQ=2|;FqMwM!u+rA1?(drp2A}$fWpfofv_XWwr(E`*udl+(mr4Hq&qU+xd z-^J_T!-B_D@ZA*;tNDp+>R9YwTiOC23_fJWjlkH$TnOK|y1QN(M-Dv>1N9GV0eM7XgBW}?-lk??#b?g|@IHL7u_&zk4g zd>`H#<-Ke_Lo=d@6#)vii{OO*_Pb8&SB80of1vVjF8MVvr-6o*;|R8(JYrAl&NQM& zln#T{>t9DBP9*Z$qBtyh2&YP`md{?V-kB7kG6hVUS};eJ&{AK1Lw6sU<1l@--+csLHs9%sdrY%a*<-NHO&Y2AJU3uegZO*jzyHuVzjX_m6nX@;CI3_OQ zh>k=B9TNK&+|=Jg^^gDq{~+s!AuWWtSh>>YDUxET7XfFBH{DgHAd*80=btep<&+{-(CBKjvkr z_I-hn2|*D8*1@z)e=4ZG1%H#ijkC^gS5YEl25IKt`_U7~F~|sIQ^$S_5nB+ljNOn+ zR-Sbx6AkeEVZ-8V3x<-gXcny`V!_t22eyg zK^-+p4-Kt3l{8Gi}vdtF9XM=u$J zT_fX6tT^7mZW%#LBbynZfE@xu%fN@FXz2-w`b;pDtuyo3{H$ZytK&}CE-(dzXm~5_ zkl60YBKN+UVoiRp3Clhv)s(=5%#Lc_yG}Q=z5ervhmq3Jf)`k zUdScu?b#I^(oMX&yd4lq^)`6>InY0t2Lk&IqPE_A^mVwCbf)eW3#V)4PZOu#1Dfv{L^gO zZ~#EZPA=f~;4DOSwIpSHrSf;L+w zQGYkpn#MHgoZKID4REV~RZoA_NUt7}6Y(F_FbHhVNy1V_suJ#d*1d zg+7QB_tE~zm;z;$h^3A8xd;KI1kz$MUms5N?$$@zBwt0zr!ehbtd+i$3Kt-jv5w-z zG7^j*&_?BDH1YfHOk<3q2zHSll^Ha8aJDSwb@nM~{7`zOmccP_e z)3mvQX5S-iR#~!i?A_!WJ{D}UVD;`(B_FgRT!qbCYw7!4ncVO%bm`YU7EctZ4<>jM zn|N4vSxNN7$r^O^#BGqhDfa!hjD@r(RA6}G4@M+86L8Q*v=t+npB6-Rd&E0N(TE2> zze@1h4?JdVS%V+TB07yT3W6l+=DQ)#Qc~VocBRl+5-2$MN^*wM9)lf!+$J+@JJIL1 zYJ;P(Y#w}h=6quhJ7rEVGAh@zhtX+z$+t> 
z<{aE5Q!Z0bA)T;wW+OZluxy?R)WZ5O^vi&wYkHd-%9+>v%F(M9hX=}M(<}DjpxH2_ z?s1$1$^IZ5iX!yuld2C-lET-gk8sgzd|Pqg=7NIE>v|t${{%xW60GF$&m2XXtS`w z#Zs;9`!Hw=#fK|M639em2vPA%>6*MmiijI0r!&C^OvPld_v(T7SiXx&enWbozF1Sg z?|8fcofgf4ug=(y#f`1oa#1p0iivSmdXzmehH<<7hmC@w*vCRtQ@SiDn-&9|7}XT^ z57^w)s-^#^4u+m^l)qj+C&t8h?!e^aKk)GcL;EfoOLil6YQfiQ=Ly%4CF+8AhCXa1 zLcq+1YoCnFQ4_n6sj_%uHS+ zC7l8@5Hfe16eSzLW9Na5p~VHd!&?Mku|kODf>B5r^;Wflq+$8e;Rm3oLKN`@lD<-F z-^s3&z2%#`p!g}CJK^AEz(FESe(3}oEReJTbsTBZ|0GHrpjCWbd4B~1R?>^^;k(vK z_AG@w0q5FA%RYIfdPT%pQs=IX2}fi5xf9==o)KxQBh^GtGCkhM)va{`rviNw=bkPl>U`(Hud(ct$PkQ0P7$7_fWn&CHJbYTlC-}98)xTKh#!Nt zSnF(_tc$}?nlSl2(o1n<@;v3Bi>`tq6d2=YQD=rXUXFBG_9MdmN^iXLY(-2~2LHwC zJ^gJ0qarKf4khHz^D@oey9JYT^6<5+4wA|3_p8iF@o9eW4>CNS97u{qtbH$G*IeExHq6t4*e)T?blSuOTI=e#LAHnnY9L8awBXAM z0`)up?Qb)~Wq>w_$>h_SMe0!CqPF|3vwx0Jx1SD0)VCP!o7c@P;rSf>Le;uTPiC2jVVQ3 zIhNNt`;Jh(_2@b)33MQvI;=lpO7p5RisX{K^jp~fxt5)#mFZ@xT?Gp^H`~WFc^m~j zQ6t40(8yHO?TH0RL*M+tqKe*dbKtaTC@f5xanW!?4XaxHW%5J8iE{^#cii73rs*bX3MeqXLcgEw+T>CAgo@30yB7ux&=XI7n8S20CP$%$o;#NJ3Dlq9dkO|5_#8>1|9-5KMtoo3RgWr)XZyk zOl`1lEHG|#3mPyke#hBZK;0<)-KI4Gz0tKn%!-9lRr&k3P3H&(togdQEZT0Q?<|QA z8b`Ms(IM>u#L$$*_d@(CoFILxl>a^)`iW$yiWP{;M@nCqANfTZ z2mN;xX3{FrdZPqzfUEWPKA-!0mzEg7YV1P}Lz@PF=Lv*hr)=Qr{ zPb9jWb<{YQkwk(B*CixKBK?i4KS9%6s=~6%p2`Z(V<5Kv2sW@>16c)Tmt-_H296y$ zl6#|Tk)*{Q?=bp-Vf0_|Lff@NbiC`NBYH!JIUC%A28W}72`ui>S#vLD#Pb4Ww6n9YLU;ANOAgdN7b%( zN=4ee*Od-7r5q|-P_vdR<|eXiG)D$t2{F1P$JDK`>cQSvg^@64T*iyw%5^=dBb1b zDRcS8;W?j`v8@ockIT@)na`%%-;Gdg&nBb~Cb;!zbug;S3i{B}eMNX^F_r4n5g*t3 zkL(KuP;3cifP!-2oUDP?BOhjrbJ~Jh^Q1g_aQxcds6Psc`PdsKy43a?`ni<-B*T9m4zfA&`KtL|v{5pq z`DrEHN9%YFLwvZyC|>P_;l~j2elrCoL(EGUaR0NQB^d6bHQ1EO6)B~_{`;(2O+4uN z8CP8i1(g)=|38!d8V3Lhfd1d|H~yd3(*G6tPuAn#)Bh2n!2AzJL|qBv?-&3;{hOhG Ks}k|Q-G2cJ\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/ISC%20Bind/ReleaseNotes.md)\n\n • There may be [known 
issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [ISC Bind](https://www.isc.org/bind/) solution for Microsoft Sentinel allows you to ingest ISC Bind logs to get better insights into your organization's network traffic data, DNS query data, traffic statistics and improves your security operation capabilities.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. \n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by **Aug 31, 2024**. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Data Connectors:** 1, **Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", + "description": "\n\n**Note:** Please refer to the following before installing the solution: \n\n• Review the solution [Release Notes](https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/ISC%20Bind/ReleaseNotes.md)\n\n • There may be [known issues](https://aka.ms/sentinelsolutionsknownissues) pertaining to this Solution, please refer to them before installing.\n\nThe [ISC Bind](https://www.isc.org/bind/) solution for Microsoft Sentinel allows you to ingest ISC Bind logs to get better insights into your organization's network traffic data, DNS query data, traffic statistics and improves your security operation capabilities.\n\nThis solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation. 
\n\n **NOTE**: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on **Aug 31, 2024.** Using MMA and AMA on same machine can cause log duplication and extra ingestion cost [more details](https://learn.microsoft.com/en-us/azure/sentinel/ama-migrate).\n\n**Parsers:** 1\n\n[Learn more about Microsoft Sentinel](https://aka.ms/azuresentinel) | [Learn more about Solutions](https://aka.ms/azuresentinelsolutionsdoc)", "subscription": { "resourceProviders": [ "Microsoft.OperationsManagement/solutions", 
@@ -50,39 +50,7 @@
 "visible": true
 }
 ],
- "steps": [
- {
- "name": "dataconnectors",
- "label": "Data Connectors",
- "bladeTitle": "Data Connectors",
- "elements": [
- {
- "name": "dataconnectors1-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "This Solution installs the data connector for ISC Bind. You can get ISC Bind Syslog data in your Microsoft Sentinel workspace. After installing the solution, configure and enable this data connector by following guidance in Manage solution view."
- }
- },
- {
- "name": "dataconnectors-parser-text",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "text": "The Solution installs a parser that transforms the ingested data into Microsoft Sentinel normalized format. The normalized format enables better correlation of different types of data from different data sources to drive end-to-end outcomes seamlessly in security monitoring, hunting, incident investigation and response scenarios in Microsoft Sentinel."
- }
- },
- {
- "name": "dataconnectors-link2",
- "type": "Microsoft.Common.TextBlock",
- "options": {
- "link": {
- "label": "Learn more about connecting data sources",
- "uri": "https://docs.microsoft.com/azure/sentinel/connect-data-sources"
- }
- }
- }
- ]
- }
- ],
+ "steps": [{}],
 "outputs": {
 "workspace-location": "[first(map(filter(basics('getLAWorkspace').value, (filter) => and(contains(toLower(filter.id), toLower(resourceGroup().name)),equals(filter.name,basics('workspace')))), (item) => item.location))]",
 "location": "[location()]",
diff --git a/Solutions/ISC Bind/Package/mainTemplate.json b/Solutions/ISC Bind/Package/mainTemplate.json
index 3502c5c35f9..8b180682b71 100644
--- a/Solutions/ISC Bind/Package/mainTemplate.json
+++ b/Solutions/ISC Bind/Package/mainTemplate.json
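Review bot: The replacement `"steps": [{}],` leaves a single step object with none of the `name`, `label` or `elements` keys the removed step had, so the wizard definition now contains an entry that describes nothing. If no page after Basics is intended, `"steps": [],` states that directly; if the packaging tool emits `[{}]` on purpose, that is worth confirming against createUiDefinition validation before publishing. The deleted step also held `dataconnectors-parser-text`, the only UI text in this hunk that explained the parser, which the solution still installs according to `**Parsers:** 1` in the description.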
@@ -33,18 +33,9 @@
 "email": "support@microsoft.com",
 "_email": "[variables('email')]",
 "_solutionName": "ISC Bind",
- "_solutionVersion": "3.0.1",
+ "_solutionVersion": "3.0.2",
 "solutionId": "azuresentinel.azure-sentinel-solution-iscbind",
 "_solutionId": "[variables('solutionId')]",
- "uiConfigId1": "ISCBind",
- "_uiConfigId1": "[variables('uiConfigId1')]",
- "dataConnectorContentId1": "ISCBind",
- "_dataConnectorContentId1": "[variables('dataConnectorContentId1')]",
- "dataConnectorId1": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]",
- "_dataConnectorId1": "[variables('dataConnectorId1')]",
- "dataConnectorTemplateSpecName1": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat(parameters('workspace'),'-dc-',uniquestring(variables('_dataConnectorContentId1'))))]",
- "dataConnectorVersion1": "1.0",
- "_dataConnectorcontentProductId1": "[concat(take(variables('_solutionId'),50),'-','dc','-', uniqueString(concat(variables('_solutionId'),'-','DataConnector','-',variables('_dataConnectorContentId1'),'-', variables('dataConnectorVersion1'))))]",
 "parserObject1": {
 "_parserName1": "[concat(parameters('workspace'),'/','ISCBind')]",
 "_parserId1": "[resourceId('Microsoft.OperationalInsights/workspaces/savedSearches', parameters('workspace'), 'ISCBind')]",
@@ -55,370 +46,6 @@ "_solutioncontentProductId": "[concat(take(variables('_solutionId'),50),'-','sl','-', uniqueString(concat(variables('_solutionId'),'-','Solution','-',variables('_solutionId'),'-', variables('_solutionVersion'))))]" }, "resources": [ - { - "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", - "apiVersion": "2023-04-01-preview", - "name": "[variables('dataConnectorTemplateSpecName1')]", - "location": "[parameters('workspace-location')]", - "dependsOn": [ - "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" - ], - "properties": { - "description": "ISC Bind data connector with template version 3.0.1", - "mainTemplate": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "[variables('dataConnectorVersion1')]", - "parameters": {}, - "variables": {}, - "resources": [ - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "id": "[variables('_uiConfigId1')]", - "title": "[Deprecated] ISC Bind", - "publisher": "ISC", - "descriptionMarkdown": "The [ISC Bind](https://www.isc.org/bind/) connector allows you to easily connect your ISC Bind logs with Microsoft Sentinel. 
This gives you more insight into your organization's network traffic data, DNS query data, traffic statistics and improves your security operation capabilities.", - "additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "ISCBind", - "baseQuery": "ISCBind" - } - ], - "sampleQueries": [ - { - "description": "Top 10 Domains Queried", - "query": "ISCBind \n| where EventSubType == \"request\" \n| summarize count() by DnsQuery \n| top 10 by count_" - }, - { - "description": "Top 10 clients by Source IP Address", - "query": "ISCBind \n| where EventSubType == \"request\" \n| summarize count() by SrcIpAddr \n| top 10 by count_" - } - ], - "dataTypes": [ - { - "name": "Syslog (ISCBind)", - "lastDataReceivedQuery": "ISCBind \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "ISCBind \n | where TimeGenerated > ago(3d)\n |take 1\n | project IsConnected = true" - ] - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "write permission is required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "delete": true - } - } - ], - "customs": [ - { - "name": "ISC Bind", - "description": "must be configured to export logs via Syslog" - } - ] - }, - "instructionSteps": [ - { - "description": "**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. 
To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias ISCBind and load the function code or click [here](https://aka.ms/sentinel-iscbind-parser).The function usually takes 10-15 minutes to activate after solution installation/update." - }, - { - "description": "Typically, you should install the agent on a different computer from the one on which the logs are generated.\n\n> Syslog logs are collected only from **Linux** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "1. Install and onboard the agent for Linux" - }, - { - "description": "Configure the facilities you want to collect and their severities.\n 1. Under workspace advanced settings **Configuration**, select **Data** and then **Syslog**.\n 2. Select **Apply below configuration to my machines** and select the facilities and severities.\n 3. Click **Save**.", - "instructions": [ - { - "parameters": { - "linkType": "OpenSyslogSettings" - }, - "type": "InstallAgent" - } - ], - "title": "2. Configure the logs to be collected" - }, - { - "description": "1. Follow these instructions to configure the ISC Bind to forward syslog: \n - [DNS Logs](https://kb.isc.org/docs/aa-01526) \n2. Configure Syslog to send the Syslog traffic to Agent. 
Use the IP address or hostname for the Linux device with the Linux agent installed as the Destination IP address.", - "title": "3. Configure and connect the ISC Bind" - } - ], - "metadata": { - "id": "c6571a09-375c-4482-9cf9-15bb7935f201", - "version": "1.0", - "kind": "dataConnector", - "source": { - "kind": "solution", - "name": "ISCBind" - }, - "author": { - "name": "Microsoft" - }, - "support": { - "tier": "Microsoft", - "name": "Microsoft", - "email": "support@microsoft.com" - } - } - } - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "ISC Bind", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "tier": "Microsoft", - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "link": "https://support.microsoft.com/" - } - } - } - ] - }, - "packageKind": "Solution", - "packageVersion": "[variables('_solutionVersion')]", - "packageName": "[variables('_solutionName')]", - "packageId": "[variables('_solutionId')]", - "contentSchemaVersion": "3.0.0", - "contentId": "[variables('_dataConnectorContentId1')]", - "contentKind": "DataConnector", - "displayName": "[Deprecated] ISC Bind", - "contentProductId": "[variables('_dataConnectorcontentProductId1')]", - "id": "[variables('_dataConnectorcontentProductId1')]", - "version": 
"[variables('dataConnectorVersion1')]" - } - }, - { - "type": "Microsoft.OperationalInsights/workspaces/providers/metadata", - "apiVersion": "2023-04-01-preview", - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',concat('DataConnector-', last(split(variables('_dataConnectorId1'),'/'))))]", - "dependsOn": [ - "[variables('_dataConnectorId1')]" - ], - "location": "[parameters('workspace-location')]", - "properties": { - "parentId": "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/dataConnectors', variables('_dataConnectorContentId1'))]", - "contentId": "[variables('_dataConnectorContentId1')]", - "kind": "DataConnector", - "version": "[variables('dataConnectorVersion1')]", - "source": { - "kind": "Solution", - "name": "ISC Bind", - "sourceId": "[variables('_solutionId')]" - }, - "author": { - "name": "Microsoft", - "email": "[variables('_email')]" - }, - "support": { - "tier": "Microsoft", - "name": "Microsoft Corporation", - "email": "support@microsoft.com", - "link": "https://support.microsoft.com/" - } - } - }, - { - "name": "[concat(parameters('workspace'),'/Microsoft.SecurityInsights/',variables('_dataConnectorContentId1'))]", - "apiVersion": "2021-03-01-preview", - "type": "Microsoft.OperationalInsights/workspaces/providers/dataConnectors", - "location": "[parameters('workspace-location')]", - "kind": "GenericUI", - "properties": { - "connectorUiConfig": { - "title": "[Deprecated] ISC Bind", - "publisher": "ISC", - "descriptionMarkdown": "The [ISC Bind](https://www.isc.org/bind/) connector allows you to easily connect your ISC Bind logs with Microsoft Sentinel. 
This gives you more insight into your organization's network traffic data, DNS query data, traffic statistics and improves your security operation capabilities.", - "graphQueries": [ - { - "metricName": "Total data received", - "legend": "ISCBind", - "baseQuery": "ISCBind" - } - ], - "dataTypes": [ - { - "name": "Syslog (ISCBind)", - "lastDataReceivedQuery": "ISCBind \n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)" - } - ], - "connectivityCriterias": [ - { - "type": "IsConnectedQuery", - "value": [ - "ISCBind \n | where TimeGenerated > ago(3d)\n |take 1\n | project IsConnected = true" - ] - } - ], - "sampleQueries": [ - { - "description": "Top 10 Domains Queried", - "query": "ISCBind \n| where EventSubType == \"request\" \n| summarize count() by DnsQuery \n| top 10 by count_" - }, - { - "description": "Top 10 clients by Source IP Address", - "query": "ISCBind \n| where EventSubType == \"request\" \n| summarize count() by SrcIpAddr \n| top 10 by count_" - } - ], - "availability": { - "status": 1, - "isPreview": false - }, - "permissions": { - "resourceProvider": [ - { - "provider": "Microsoft.OperationalInsights/workspaces", - "permissionsDisplayText": "write permission is required.", - "providerDisplayName": "Workspace", - "scope": "Workspace", - "requiredPermissions": { - "write": true, - "delete": true - } - } - ], - "customs": [ - { - "name": "ISC Bind", - "description": "must be configured to export logs via Syslog" - } - ] - }, - "instructionSteps": [ - { - "description": "**NOTE:** This data connector depends on a parser based on a Kusto Function to work as expected which is deployed as part of the solution. To view the function code in Log Analytics, open Log Analytics/Microsoft Sentinel Logs blade, click Functions and search for the alias ISCBind and load the function code or click [here](https://aka.ms/sentinel-iscbind-parser).The function usually takes 10-15 minutes to activate after solution installation/update." 
- }, - { - "description": "Typically, you should install the agent on a different computer from the one on which the logs are generated.\n\n> Syslog logs are collected only from **Linux** agents.", - "instructions": [ - { - "parameters": { - "title": "Choose where to install the agent:", - "instructionSteps": [ - { - "title": "Install agent on Azure Linux Virtual Machine", - "description": "Select the machine to install the agent on and then click **Connect**.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxVirtualMachine" - }, - "type": "InstallAgent" - } - ] - }, - { - "title": "Install agent on a non-Azure Linux Machine", - "description": "Download the agent on the relevant machine and follow the instructions.", - "instructions": [ - { - "parameters": { - "linkType": "InstallAgentOnLinuxNonAzure" - }, - "type": "InstallAgent" - } - ] - } - ] - }, - "type": "InstructionStepsGroup" - } - ], - "title": "1. Install and onboard the agent for Linux" - }, - { - "description": "Configure the facilities you want to collect and their severities.\n 1. Under workspace advanced settings **Configuration**, select **Data** and then **Syslog**.\n 2. Select **Apply below configuration to my machines** and select the facilities and severities.\n 3. Click **Save**.", - "instructions": [ - { - "parameters": { - "linkType": "OpenSyslogSettings" - }, - "type": "InstallAgent" - } - ], - "title": "2. Configure the logs to be collected" - }, - { - "description": "1. Follow these instructions to configure the ISC Bind to forward syslog: \n - [DNS Logs](https://kb.isc.org/docs/aa-01526) \n2. Configure Syslog to send the Syslog traffic to Agent. Use the IP address or hostname for the Linux device with the Linux agent installed as the Destination IP address.", - "title": "3. 
Configure and connect the ISC Bind" - } - ], - "id": "[variables('_uiConfigId1')]", - "additionalRequirementBanner": "These queries are dependent on a parser based on a Kusto Function deployed as part of the solution." - } - } - }, { "type": "Microsoft.OperationalInsights/workspaces/providers/contentTemplates", "apiVersion": "2023-04-01-preview", @@ -428,7 +55,7 @@ "[extensionResourceId(resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspace')), 'Microsoft.SecurityInsights/contentPackages', variables('_solutionId'))]" ], "properties": { - "description": "ISCBind Data Parser with template version 3.0.1", + "description": "ISCBind Data Parser with template version 3.0.2", "mainTemplate": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "[variables('parserObject1').parserVersion1]", @@ -556,12 +183,12 @@ "apiVersion": "2023-04-01-preview", "location": "[parameters('workspace-location')]", "properties": { - "version": "3.0.1", + "version": "3.0.2", "kind": "Solution", "contentSchemaVersion": "3.0.0", "displayName": "ISC Bind", "publisherDisplayName": "Microsoft Sentinel, Microsoft Corporation", - "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The ISC Bind solution for Microsoft Sentinel allows you to ingest ISC Bind logs to get better insights into your organization's network traffic data, DNS query data, traffic statistics and improves your security operation capabilities.

\n

This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which is about to be deprecated by Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Data Connectors: 1, Parsers: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", + "descriptionHtml": "

Note: Please refer to the following before installing the solution:

\n

• Review the solution Release Notes

\n

• There may be known issues pertaining to this Solution, please refer to them before installing.

\n

The ISC Bind solution for Microsoft Sentinel allows you to ingest ISC Bind logs to get better insights into your organization's network traffic data, DNS query data, traffic statistics and improves your security operation capabilities.

\n

This solution is dependent on the Syslog solution containing the Syslog via AMA connector to collect the logs. The Syslog solution will be installed as part of this solution installation.

\n

NOTE: Microsoft recommends installation of Syslog via AMA Connector. Legacy connector uses the Log Analytics agent which were deprecated on Aug 31, 2024. Using MMA and AMA on same machine can cause log duplication and extra ingestion cost more details.

\n

Parsers: 1

\n

Learn more about Microsoft Sentinel | Learn more about Solutions

\n", "contentKind": "Solution", "contentProductId": "[variables('_solutioncontentProductId')]", "id": "[variables('_solutioncontentProductId')]", @@ -585,11 +212,6 @@ }, "dependencies": { "criteria": [ - { - "kind": "DataConnector", - "contentId": "[variables('_dataConnectorContentId1')]", - "version": "[variables('dataConnectorVersion1')]" - }, { "kind": "Parser", "contentId": "[variables('parserObject1').parserContentId1]", diff --git a/Solutions/ISC Bind/ReleaseNotes.md b/Solutions/ISC Bind/ReleaseNotes.md index 11a6617da1d..cea53e6fc37 100644 --- a/Solutions/ISC Bind/ReleaseNotes.md +++ b/Solutions/ISC Bind/ReleaseNotes.md @@ -1,5 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|--------------------------------------------------------------------| -| 3.0.1 | 24-07-2024 | Deprecated Data connectors | -| 3.0.0 | 09-10-2023 | Corrected the links in the solution | +| 3.0.2 | 27-12-2024 | Removed Deprecated **Data connector** | +| 3.0.1 | 24-07-2024 | Deprecated Data connectors | +| 3.0.0 | 09-10-2023 | Corrected the links in the solution |